Security Basics mailing list archives

RE: Honeypot Server


From: "Brett Kennedy" <Brett.Kennedy () caseware com>
Date: Thu, 17 Jan 2008 13:12:09 -0500

Depending on the purpose of the honeypot, most likely you want an
environment as similar as possible to the real environment you wish to
simulate with the honeypot. This would let you study the attacks on the
honeypot in the most meaningful way. You'd also want software then to
monitor tcp traffic, changes to the local drive and so on. These could
be standard software used for these purposes, such as mod_security,
tripwire etc., and not necessarily honeypot-specific.
Brett


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Gleb Paharenko
Sent: January 17, 2008 12:48 PM
To: m.farid.shawara () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Honeypot Server

Dear Farid.

Though I have no practical experience with honeypots yet, I suggest
a good resource:
 honeynet.org

Also you should determine the needs of your honeypot (just get
attempts to connect, or research what a malicious attacker is doing), and
select an appropriate solution; it can be a whole honeypot
infrastructure. Honeynet claims that their live CD is fine:
  https://projects.honeynet.org/honeywall/

2008/1/17, m.farid.shawara () gmail com <m.farid.shawara () gmail com>:

Dear All :

Can you advise what is the best honeypot server available
Open-source or commercial - it doesn't matter as long as it will be
easy to administrate and easy to monitor and alerted ...

Mohamed Farid ...





-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
